CVSS2: 7.8 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

EPSS: 0.002 Low (Percentile: 60.7%)

The random number generator in the Crypto application before 2.0.2.2, and
SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses
predictable seeds based on the current time, which makes it easier for
remote attackers to guess DSA host and SSH session keys.
Author | Note |
---|---|
jdstrand | Debian squeeze has fix in 1:14.a-dfsg-3squeeze1 |
mdeslaur | erlang-ssh is in universe in lucid and natty. Patch only adds new functions to crypto library, doesn't change existing ones, so downgrading priority. Backport is difficult due to appup changes. |